Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

mi controllereste il log? Opzioni
si_mo
Inviato: Tuesday, April 07, 2009 4:15:56 PM

Rank: Member

Iscritto dal : 7/31/2005
Posts: 4
Salve! ho paura di aver qualche programma spia, che mi dirotta su altri siti, ho già fatto varie scansione ed ho eliminato dei virus, potreste verificare tramite il log se vi è qualche cos'altro? Grazie! Ciao Ciao!

Lo posto qui:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.13.41, on 07/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Intelligent\Common\RaUI.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Simona\IMPOST~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Programmi\Intelligent\Common\RaUI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225468124703
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDC70768-92FB-465E-9CB6-D153AABBBCAC}: NameServer = 194.183.64.10,151.99.125.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 5683 bytes
Sponsor
Inviato: Tuesday, April 07, 2009 4:15:56 PM

 
pidue
Inviato: Tuesday, April 07, 2009 4:32:48 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Scarica Combofix , salvalo sul desktop, disabilita l'antivirus e chiudi la connessione a internet.
Lancialo in mod normale e segui scrupolosamente le istruzioni a video.
Al termine, verrà creato un log in C:\ComboFix.txt. che tu pubblicherai.




si_mo
Inviato: Tuesday, April 07, 2009 9:47:40 PM

Rank: Member

Iscritto dal : 7/31/2005
Posts: 4
Non si tratta di avere paura, mi si aprono cose che io non richiedo! tra l'altro con tutte le scansione fatte ho eliminato 27 virus, quindi qlc c'era!

Poi mi si apre da solo window messenger che tra l'altro non ho mai usato! Oggi l'ho eliminato direttamente dai programmi, spero di nn avere fatto confusione; poi un'altra cosa che riscontro è che ultimamente è lentissimo, navigo con Alice 7 Mega e nn era così!

Se puoi aiutarmi ti sarei grata!

Grazie!
pidue
Inviato: Tuesday, April 07, 2009 10:16:58 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Scarica Combofix , salvalo sul desktop, disabilita l'antivirus e chiudi la connessione a internet.
Lancialo in mod normale e segui scrupolosamente le istruzioni a video.
Al termine, verrà creato un log in C:\ComboFix.txt, che dovrai pubbblicare.




si_mo
Inviato: Wednesday, April 08, 2009 3:40:18 PM

Rank: Member

Iscritto dal : 7/31/2005
Posts: 4
Grazie x il consiglio... ti posto qui il log di combofix! Grazie ancora! Simona


ComboFix 09-04-04.01 - Simona 2009-04-08 15.34.22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.958.639 [GMT 2:00]
Eseguito da: c:\documents and settings\Simona\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-08 al 2009-04-08 )))))))))))))))))))))))))))))))))))
.

2009-04-08 15:31 . 2009-04-08 15:31 <DIR> d-------- C:\32788R22FWJFW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 13:26 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-07 19:23 --------- d-----w c:\documents and settings\Simona\Dati applicazioni\Skype
2009-04-07 14:08 --------- d-----w c:\documents and settings\Simona\Dati applicazioni\skypePM
2009-04-06 13:22 --------- d-----w c:\programmi\eMule
2009-04-04 14:54 41,728 ----a-w c:\windows\system32\drivers\VIRAGTLT.SYS
2009-03-26 13:14 --------- d-----w c:\programmi\PC Tools Firewall Plus
2009-03-16 17:43 130,424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-05 15:26 7,956 ----a-w C:\hkcurs1.zip
2009-03-05 15:26 2,013 ----a-w C:\hkcurs2.zip
2009-03-05 15:25 39,162 ----a-w C:\kqicon003.zip
2009-03-05 15:25 18,485 ----a-w C:\dnl_kt_icon.zip
2009-03-03 15:25 --------- d-----w c:\programmi\File comuni\Skype
2009-03-03 15:25 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-03 15:25 --------- d-----r c:\programmi\skype
2009-02-25 15:37 73,840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-25 15:36 95,640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2008-10-29 13:27 62,928 ----a-w c:\documents and settings\Simona\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-10-25 12:20 6,637,592 ----a-w c:\programmi\SUPERAntiSpyware.exe
2008-10-11 13:30 812,344 ----a-w c:\programmi\HJTInstall.exe
2008-09-13 08:46 24,192 ----a-w c:\documents and settings\Simona\usbsermptxp.sys
2008-09-13 08:46 22,768 ----a-w c:\documents and settings\Simona\usbsermpt.sys
2006-01-26 12:20 189,764 ----a-w c:\programmi\mp3DC139.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-15_21.58.53,57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 05:22:52 51,680 -c----w c:\windows\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2006-10-08 19:51:14 221,488 -c----w c:\windows\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2006-10-08 19:51:14 379,184 -c----w c:\windows\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2009-03-03 15:25:09 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
- 2008-09-13 08:32:42 167,936 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-11-05 13:41:00 167,936 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-09-13 08:32:42 2,560 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-11-05 13:41:00 2,560 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-09-13 08:32:42 34,304 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-11-05 13:41:00 34,304 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-09-13 08:32:42 8,192 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-11-05 13:41:00 8,192 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-09-13 08:32:42 3,584 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-11-05 13:41:00 3,584 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-09-13 08:32:42 114,688 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-11-05 13:41:00 114,688 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-09-13 08:32:42 16,384 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-11-05 13:41:00 16,384 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-09-13 08:32:42 30,720 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-11-05 13:41:00 30,720 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-09-13 08:32:42 22,528 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-11-05 13:41:00 22,528 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-09-13 08:32:42 45,056 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-11-05 13:41:00 45,056 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-09-13 08:32:42 90,112 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-11-05 13:41:00 90,112 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-10-25 12:56:29 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-10-25 12:56:29 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-04-11 13:32:22 56,080 ----a-w c:\windows\KHALMNPR.Exe
- 2000-08-31 06:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2004-08-19 13:39:06 66,560 ----a-w c:\windows\system32\cdm.dll
+ 2007-07-30 18:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
- 2004-08-19 13:39:06 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2007-07-30 18:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2004-08-03 21:08:20 36,224 -c--a-w c:\windows\system32\dllcache\hidclass.sys
+ 2004-08-03 21:08:18 24,960 -c--a-w c:\windows\system32\dllcache\hidparse.sys
+ 2001-08-17 20:02:20 9,600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
+ 2004-08-19 13:26:40 53,632 -c--a-w c:\windows\system32\dllcache\i8042prt.sys
+ 2004-08-19 13:30:20 25,088 -c--a-w c:\windows\system32\dllcache\kbdclass.sys
+ 2004-08-19 13:22:38 23,552 -c--a-w c:\windows\system32\dllcache\mouclass.sys
+ 2001-08-30 18:41:06 12,160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
+ 2004-08-03 21:58:46 15,104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
- 2004-08-19 13:39:34 432,128 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2007-07-30 18:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2004-08-19 13:39:48 111,616 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-19 13:39:34 1,134,592 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-19 13:39:34 114,176 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2007-07-30 18:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2004-08-19 13:39:34 36,864 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2007-07-30 18:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2004-08-19 13:39:34 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2007-07-30 18:19:46 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2001-08-17 20:02:20 9,600 ----a-w c:\windows\system32\drivers\hidusb.sys
+ 2003-03-09 19:31:00 51,024 ----a-w c:\windows\system32\drivers\hpzid412.sys
+ 2003-03-09 19:31:02 16,080 ----a-w c:\windows\system32\drivers\HPZipr12.sys
+ 2005-10-22 06:22:48 21,568 ----a-w c:\windows\system32\drivers\HPZius12.sys
+ 2007-04-11 13:32:30 20,496 ----a-w c:\windows\system32\drivers\L8042Kbd.sys
+ 2007-04-11 13:32:38 63,248 ----a-w c:\windows\system32\drivers\L8042mou.Sys
+ 2007-04-11 13:32:52 34,832 ----a-w c:\windows\system32\drivers\LHidFilt.Sys
+ 2007-04-11 13:32:58 36,112 ----a-w c:\windows\system32\drivers\LMouFilt.Sys
+ 2007-04-11 13:33:06 79,376 ----a-w c:\windows\system32\drivers\LMouKE.Sys
+ 2007-04-11 13:33:14 28,688 ----a-w c:\windows\system32\drivers\LUsbFilt.sys
- 2004-08-19 13:50:30 23,552 ----a-w c:\windows\system32\drivers\mouclass.sys
+ 2004-08-19 13:22:38 23,552 ----a-w c:\windows\system32\drivers\mouclass.sys
+ 2001-08-30 18:41:06 12,160 ----a-w c:\windows\system32\drivers\mouhid.sys
+ 2008-09-22 11:29:18 97,408 ----a-w c:\windows\system32\drivers\pctfw.sys
+ 2008-12-11 07:38:22 159,600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
+ 2004-08-03 21:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2006-11-02 05:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2006-11-02 05:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2007-04-11 13:32:52 34,832 -c--a-w c:\windows\system32\DRVSTORE\lfhidhid_AE49CF7A8ECC1A99B793E188BDD77103BF9A4571\LHidFilt.sys
+ 2007-04-11 13:33:20 1,419,024 -c--a-w c:\windows\system32\DRVSTORE\lfhidhid_AE49CF7A8ECC1A99B793E188BDD77103BF9A4571\WdfCoInstaller01005.dll
+ 2007-04-11 13:33:14 28,688 -c--a-w c:\windows\system32\DRVSTORE\lfhidusb_34C0B169C0F0216ABB2FADCF857761C40513C0EC\LUsbFilt.sys
+ 2007-04-11 13:33:20 1,419,024 -c--a-w c:\windows\system32\DRVSTORE\lfhidusb_34C0B169C0F0216ABB2FADCF857761C40513C0EC\WdfCoInstaller01005.dll
+ 2007-04-11 13:32:52 34,832 -c--a-w c:\windows\system32\DRVSTORE\lfkbdhid_3787EF478DB0DC00ADEE4DCD2D3B66B57B8CE09C\LHidFilt.sys
+ 2007-04-11 13:33:20 1,419,024 -c--a-w c:\windows\system32\DRVSTORE\lfkbdhid_3787EF478DB0DC00ADEE4DCD2D3B66B57B8CE09C\WdfCoInstaller01005.dll
+ 2007-04-11 13:32:22 56,080 -c--a-w c:\windows\system32\DRVSTORE\lfmouhid_10C7F3421939DA6E2806F5500B0342437634A347\KHALMNPR.exe
+ 2007-04-11 13:32:52 34,832 -c--a-w c:\windows\system32\DRVSTORE\lfmouhid_10C7F3421939DA6E2806F5500B0342437634A347\LHidFilt.sys
+ 2007-04-11 13:32:58 36,112 -c--a-w c:\windows\system32\DRVSTORE\lfmouhid_10C7F3421939DA6E2806F5500B0342437634A347\LMouFilt.sys
+ 2007-04-11 13:33:20 1,419,024 -c--a-w c:\windows\system32\DRVSTORE\lfmouhid_10C7F3421939DA6E2806F5500B0342437634A347\WdfCoInstaller01005.dll
+ 2007-04-11 13:32:30 20,496 -c--a-w c:\windows\system32\DRVSTORE\lkbdps2k_9596CEA748EB5F658C6E5BB53EACD081280A4C4D\L8042Kbd.sys
+ 2007-04-11 13:32:22 56,080 -c--a-w c:\windows\system32\DRVSTORE\lmoups2k_6C72A33CEA374B8F0F934E4770A12C1E8A8096CD\KHALMNPR.Exe
+ 2007-04-11 13:32:38 63,248 -c--a-w c:\windows\system32\DRVSTORE\lmoups2k_6C72A33CEA374B8F0F934E4770A12C1E8A8096CD\L8042mou.Sys
+ 2007-04-11 13:33:06 79,376 -c--a-w c:\windows\system32\DRVSTORE\lmoups2k_6C72A33CEA374B8F0F934E4770A12C1E8A8096CD\LMouKE.Sys
- 2003-02-28 08:10:02 274,432 ----a-w c:\windows\system32\hpgwiamd.dll
+ 2003-03-09 19:31:04 274,432 ----a-w c:\windows\system32\hpgwiamd.dll
+ 2003-03-09 19:31:04 561,152 ----a-w c:\windows\system32\hpotscl.dll
+ 2003-03-09 19:31:04 81,920 ----a-w c:\windows\system32\hpovst08.dll
+ 2003-03-09 19:30:42 237,568 ----a-w c:\windows\system32\HPZc3212.dll
+ 2003-03-09 19:31:00 233,528 ----a-w c:\windows\system32\HPZidr12.dll
+ 2003-03-09 19:31:02 61,699 ----a-w c:\windows\system32\HPZinw12.exe
+ 2003-03-09 19:31:02 65,795 ----a-w c:\windows\system32\HPZipm12.exe
+ 2003-03-09 19:31:02 167,936 ----a-w c:\windows\system32\HPZipr12.dll
+ 2003-03-09 19:31:02 94,208 ----a-w c:\windows\system32\HPZipt12.dll
+ 2003-03-09 19:31:02 57,344 ----a-w c:\windows\system32\HPZisn12.dll
+ 2007-04-23 02:00:00 163,840 ----a-w c:\windows\system32\kemutb.dll
+ 2007-04-23 02:00:00 135,168 ----a-w c:\windows\system32\KemUtil.dll
+ 2007-04-23 02:00:00 110,592 ----a-w c:\windows\system32\KemWnd.dll
+ 2007-04-23 02:00:00 69,632 ----a-w c:\windows\system32\KemXML.dll
- 2001-03-08 17:30:00 24,064 ------w c:\windows\system32\msxml3a.dll
+ 2002-02-21 16:56:34 24,576 ----a-w c:\windows\system32\msxml3a.dll
- 2008-09-14 14:36:05 58,930 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-01 09:55:36 58,930 ----a-w c:\windows\system32\perfc009.dat
- 2008-09-14 14:36:05 69,988 ----a-w c:\windows\system32\perfc010.dat
+ 2009-04-01 09:55:36 69,988 ----a-w c:\windows\system32\perfc010.dat
- 2008-09-14 14:36:05 392,630 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-01 09:55:36 392,630 ----a-w c:\windows\system32\perfh009.dat
- 2008-09-14 14:36:05 437,882 ----a-w c:\windows\system32\perfh010.dat
+ 2009-04-01 09:55:36 437,882 ----a-w c:\windows\system32\perfh010.dat
+ 2004-08-19 13:50:30 20,992 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\hid.dll
+ 2004-08-03 21:08:20 36,224 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\hidclass.sys
+ 2004-08-03 21:08:18 24,960 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\hidparse.sys
+ 2001-08-17 20:02:20 9,600 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\hidusb.sys
+ 2004-08-19 13:50:30 23,552 ----a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\mouclass.sys
+ 2001-08-30 18:41:06 12,160 ----a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\mouhid.sys
+ 2004-08-19 13:26:40 53,632 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\i8042prt.sys
+ 2004-08-19 13:30:20 25,088 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\kbdclass.sys
+ 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll
+ 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2006-10-08 19:51:14 14,640 ------w c:\windows\system32\spmsg.dll
+ 2004-08-19 14:39:24 134,656 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2004-08-19 14:39:24 464,384 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2006-10-08 19:51:14 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-04-11 13:33:20 1,419,024 ----a-w c:\windows\system32\WdfCoInstaller01005.dll
- 2004-08-19 13:39:34 432,128 ----a-w c:\windows\system32\wuapi.dll
+ 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
- 2004-08-19 13:39:48 111,616 ----a-w c:\windows\system32\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
- 2004-08-19 13:39:34 1,134,592 ----a-w c:\windows\system32\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
- 2004-08-19 13:39:34 114,176 ----a-w c:\windows\system32\wucltui.dll
+ 2007-07-30 18:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
- 2004-08-19 13:39:34 36,864 ----a-w c:\windows\system32\wups.dll
+ 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2007-07-30 18:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
- 2004-08-19 13:39:34 120,320 ----a-w c:\windows\system32\wuweb.dll
+ 2007-07-30 18:19:46 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2005-09-22 21:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-22 23:16:02 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-22 23:16:06 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-22 23:16:08 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-22 23:16:10 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 22:58:06 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-22 22:58:06 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-22 22:58:06 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-22 22:58:06 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-22 22:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-22 22:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-22 22:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-22 22:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-22 22:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-22 23:35:10 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVD.exe" [2008-09-13 462848]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-25 2652056]
"SiSPower"="SiSPower.dll" [2005-02-25 c:\windows\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 c:\windows\AGRSMMSG.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Intelligent Wireless Utility.lnk - c:\programmi\Intelligent\Common\RaUI.exe [2008-09-14 1110016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-27 12:36 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\skype\\Phone\\Skype.exe"=

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2008-10-24 41728]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-01-26 159600]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-01-26 73840]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\VIRITSVC.EXE [2007-10-10 57344]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-26 95640]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-MSMSGS - c:\programmi\Messenger\msmsgs.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {EDC70768-92FB-465E-9CB6-D153AABBBCAC} = 194.183.64.10,151.99.125.3
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 15:35:41
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
.
Ora fine scansione: 2009-04-08 15.37.03
ComboFix-quarantined-files.txt 2009-04-08 13:37:00

Pre-Run: 2.218.442.752 byte disponibili
Post-Run: 2,709,250,048 byte disponibili

267
si_mo
Inviato: Friday, April 10, 2009 8:49:52 PM

Rank: Member

Iscritto dal : 7/31/2005
Posts: 4
x caso qualcuno ha tempo di dare un'occhiata al log di combofix?

Grazie!!!!
pidue
Inviato: Friday, April 10, 2009 9:40:19 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, per intanto lancia HijackThis e fixa queste due righe, dovresti risolver il problema del Messenger;

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)



Poi scarica VirIt , installalo e aggiornalo. Fai due scansioni in modalità provvisoria e pubblica il rapporto. Non serve disattivare il tuo antivirus residente. Pubblica il report e riferisci se il problema è risolto.





Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.